The Hacker News — Cyber Security, Hacking, Technology News

The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate.

The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communication Commission (FCC) last year when it was under Democratic leadership.

In October, the Federal Communications Commission ruled that ISPs would need to get consumers' explicit consent before being allowed to sell their web browsing data to the advertisers or other big data companies.

Before the new rules could take effect on March 2, the President Trump's newly appointed FCC chairman Ajit Pai temporarily put a hold on these new privacy rules.

Ajit Pai argued that the rules, which are regulated by FTC, unfairly favored companies like Google, Twitter, and Facebook, who have the ability to collect more data than ISPs and thus dominate digital advertising.

"All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another," FCC said in a statement.

"Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy."

Pai wanted that the FCC and the FTC should treat all online entities the same way. So those new privacy policies should be scrapped.

If the latest decision gets approval from the House of Representatives and signed by President Trump, this will make it easier for ISPs like Verizon, Comcast, and AT&T, to earn more money by collecting and selling data on what you buy, where you browse, and what you search for your home, all without taking your consent.

Since the Senate used the Congressional Review Act (CRA) to overturn the privacy rules, if the repeal is passed, it would not only roll back the FCC's privacy rules but also prevent the regulatory body from making similar privacy regulations in the future if the.

Not surprisingly, the broadband industry applauded the FCC's move, calling it "a welcome recognition that consumers benefit most when privacy protections are consistently applied throughout the Internet ecosystem."

But, of course, privacy advocates are not at all happy with the voting, arguing that the Senate has put ISPs profits over users’ privacy.

Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs).

Yes, it's time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules.

On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy rules on Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent.

In a 3-2 vote, the FCC approved the new rules by which many privacy advocates seem pleased, while some of them wanted the Commission to even apply the same rules to web-based services like Google and Facebook as well.

Initially proposed earlier this year, the new rule says: "ISPs are required to obtain affirmative 'opt-in' consent from consumers to use and share sensitive information."

What does 'sensitive' information mean here? The rule lists the following:

Your precise geo-location

Your children's information

Information about your health

Your financial data

Social Security Numbers (SNNs)

Your Web browsing history

App usage history

The content of your communication

Note: Your broadband provider can use and share this information if you give them explicit permission. So, you need to watch out for those invites and gently worded dialog boxes.

What's non-sensitive is information like your email address, service tier, IP address, bandwidth used and other information along those lines, but you can still officially opt-out.

The new rule also requires Internet providers to tell customers with "clear, conspicuous and persistent notice" about the information they are collecting on them and how/when they share it, and the "types of entities" they share it with.

The ISPs even need to notify its customers in the event of a data breach.

The FCC aims to provide consumers an increased choice, transparency, and security online over their personal information. Here's what the Commission writes:

"ISPs serve as a consumer's "on-ramp" to the Internet. Providers have the ability to see a tremendous amount of their customers' personal information that passes over that Internet connection, including their browsing habits. Consumers deserve the right to decide how that information is used and shared — and to protect their privacy and their children's privacy online."

Meanwhile, the advertisers are, of course, not at all happy with the FCC's move. The Association of National Advertisers called the new rules "unprecedented, misguided and extremely harmful," saying the move is bad for consumers as well as the U.S. economy.

However, ISPs have a year to comply with the new rules. So, it won't go into effect for at least a year.

Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.

In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.

The latest threat is much worse.

Two security researchers, Steve Engelhard and Arvind Narayanan, from Princeton University, have published a paper describing how phone's battery status has already been used to track users across different websites.

The issue is due to the Battery Status API (application programming interface).

How Does Battery Status API Help Advertisers Track You?

The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.

The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.

However, researchers warned last year about the API’s potential threat that could turn your battery level into a "fingerprintable" tracking identifier.

The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 Million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices between sites they visit.

Now, the last year's research has grown into a proper threat.

Advertisers Are Tracking You via your Battery Status

One of those researchers named Lukasz Olejnik has published a blog post this week, saying that companies are currently leveraging the potential of this battery status information.

"Some companies may be analyzing the possibility of monetising the access to battery levels," he writes. "When a battery is running low, people might be prone to some - otherwise different - decisions. In such circumstances, users will agree to pay more for a service."

Olejnik underlined the latest research by Engelhard and Narayanan, who discovered two tracking scripts of shady code running on the Internet at large scale, which take advantage of battery status API and currently tracking users.

The duo explains that they observed the behavior of two actual scripts and suggested the companies and other entities are perhaps leveraging this technique for their own purposes.

"These features are combined with other identifying features used to fingerprint a device," the researchers write in their paper titled, "Online Tracking: A 1-million-site measurement and analysis."

For in-depth information, you can head on to the research paper [PDF].

Here's come the worst part of this attack:

There's hardly any way to mitigate against this attack. Nothing works: Deleting browser cookies or using VPNs and AdBlockers will not solve your problem.

The only option is to plug your smartphone into the mains.

"Some companies may be analyzing the possibility of monetising the access to battery levels," Olejnik writes.

Over two months ago, Uber's head of economic research Keith Chen said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.

Yes, Verizon Communications Inc. is reportedly closing in on a deal to acquire Yahoo’s core business for about $5 Billion, according to a report from Bloomberg.

Since the agreement between the companies has not been finalized, it is unclear at this moment that which Yahoo's assets the deal would include.

"In order to preserve the integrity of the process, we're not going to comment on the issue until we've finalized an agreement," a Yahoo spokeswoman said in a statement provided to CNNMoney.

You might be wondering Why Verizon is buying Yahoo! Well, I’ll come to it in the second half of my article, because before discussing this point, let’s first focus on why Yahoo! wants to get acquired.

Why Yahoo Was Up For Sale?

Founded in 1995, Yahoo! was once the brightest star of the Web. But when its rivals including Google, Facebook and even few-years-old companies like Snapchat and WhatsApp have won over users, Yahoo! has not been able to maintain that glory.

But Mayer struggled to slow the overall ad sales decline of Yahoo! and failed.

Last Monday, the company accepted that its revenue fell 15% in the second quarter, after excluding accounting adjustments, and its operating profit fell 64%.

So, after keeping investors at bay for years, Mayer said Yahoo! would explore strategic alternatives, including selling its core assets.

Verizon has long been considered a suitable buyer for Yahoo’s Internet assets, which the telecom giant wants to combine with AOL - the American global mass media corporation bought by Verizon last year for $4.4 Billion.

Now, the two companies are in one-on-one discussions, and Verizon will reportedly acquire Yahoo! for about $5 Billion.

Here's Why Verizon Wants to Buy Yahoo!

So, why does a mobile telecom provider want to acquire the core editorial business of a failed Internet portal?

The sure short answer is:

Advertising!

With the success in the wireless industry, Verizon has been buying up Internet and ad technology companies, like AOL, to compete in a mobile advertising market dominated by two big players, Google and Facebook.

And for this same reason, it is now buying Yahoo!’s ad and content businesses.

Yahoo! has millions of users, and a collection of websites like Flickr, Tumblr, Yahoo Finance, and Yahoo Sports, including some digital-ad technology like Flurry and BrightRoll.

Since the growth of Verizon’s traditional telecom business has been decreased, companies like Yahoo! and AOL would necessarily help Verizon make money from digital advertising on mobile devices.

The deal would not only give Verizon a powerful collection of content and revenue from ad related to that content but also give the telecom company a considerable amount of user data to provide target advertisements to users by the telecom as well as others.

So, this is the kind of deal Verizon was interested in when it acquired Yahoo!

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!